diff options
author | Laszlo Ersek <lersek@redhat.com> | 2015-11-30 18:48:54 +0000 |
---|---|---|
committer | lersek <lersek@Edk2> | 2015-11-30 18:48:54 +0000 |
commit | b963ec494c4848e99be3bcdd8bb63351f303a3c1 (patch) | |
tree | ef1bba659362e660adc25bf727ad1167305a7ace /OvmfPkg/QemuFlashFvbServicesRuntimeDxe | |
parent | 79397dbd2e134dc98a85a3e2d4806192652336d5 (diff) | |
download | edk2-platforms-b963ec494c4848e99be3bcdd8bb63351f303a3c1.tar.xz |
OvmfPkg: QemuFlashFvbServicesRuntimeDxe: adhere to -D SMM_REQUIRE
When the user requires "security" by passing -D SMM_REQUIRE, and
consequently by setting PcdSmmSmramRequire, enforce flash-based variables.
Furthermore, add two ASSERT()s to catch if the wrong module were pulled
into the build.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jordan Justen <jordan.l.justen@intel.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19063 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'OvmfPkg/QemuFlashFvbServicesRuntimeDxe')
5 files changed, 11 insertions, 0 deletions
diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf index ea8413fcfd..c0dda75bf7 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesRuntimeDxe.inf @@ -85,6 +85,8 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable
+[FeaturePcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
[Depex]
TRUE
diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf index 6af0649f86..ba2d3679a4 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FvbServicesSmm.inf @@ -84,6 +84,8 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable
+[FeaturePcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdSmmSmramRequire
[Depex]
TRUE
diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c index c11f598b5a..63b308658e 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c @@ -17,6 +17,7 @@ #include <Guid/EventGroup.h>
#include <Library/DebugLib.h>
#include <Library/DevicePathLib.h>
+#include <Library/PcdLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/UefiRuntimeLib.h>
#include <Protocol/DevicePath.h>
@@ -34,6 +35,8 @@ InstallProtocolInterfaces ( EFI_HANDLE FwbHandle;
EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *OldFwbInterface;
+ ASSERT (!FeaturePcdGet (PcdSmmSmramRequire));
+
//
// Find a handle with a matching device path that has supports FW Block
// protocol
diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c index e77129e03b..e0617f2503 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceSmm.c @@ -15,6 +15,7 @@ **/
#include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
#include <Library/SmmServicesTableLib.h>
#include <Protocol/DevicePath.h>
#include <Protocol/SmmFirmwareVolumeBlock.h>
@@ -29,6 +30,8 @@ InstallProtocolInterfaces ( EFI_HANDLE FvbHandle;
EFI_STATUS Status;
+ ASSERT (FeaturePcdGet (PcdSmmSmramRequire));
+
//
// There is no SMM service that can install multiple protocols in the SMM
// protocol database in one go.
diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c index 28bcb135ae..5677b5ee11 100644 --- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c +++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c @@ -245,6 +245,7 @@ QemuFlashInitialize ( mFdBlockCount = PcdGet32 (PcdOvmfFirmwareFdSize) / mFdBlockSize;
if (!QemuFlashDetected ()) {
+ ASSERT (!FeaturePcdGet (PcdSmmSmramRequire));
return EFI_WRITE_PROTECTED;
}
|